<?php
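session_start();

// Comment submission handler: on POST, stores a comment for the given page and
// article under the logged-in user's name, then redirects back to the article.
//
// NOTE(review): no anti-CSRF token is verified here, so any site the user visits
// can submit this form on their behalf. The form template is not visible from
// this file; add a per-session token there and compare it with hash_equals().
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Every request value is attacker-controlled. Accept plain strings only, so
    // an array-valued parameter (e.g. article[]=x) never reaches the query or
    // the Location header.
    $pageid = is_string($_GET['pageid'] ?? null) ? $_GET['pageid'] : '';
    $article = is_string($_GET['article'] ?? null) ? $_GET['article'] : '';
    $rawbody = is_string($_POST['body'] ?? null) ? $_POST['body'] : '';
    $username = is_string($_SESSION['username'] ?? null) ? $_SESSION['username'] : '';

    include('../config.php');

    // rawurlencode() confines the value to a single path segment, so it cannot
    // add "../", a query string or another host to the redirect target.
    // NOTE(review): if article ids are always numeric, tighten this to ctype_digit().
    $redirect = 'location:../page/2/news/article/' . rawurlencode($article);

    // nl2br() stores HTML, which implies the body is later printed unescaped;
    // encode the user's text first so stored markup cannot execute in a reader's
    // browser. NOTE(review): the display template is not visible here -- if it
    // already escapes on output, drop htmlspecialchars() to avoid double encoding.
    $commentbody = nl2br(htmlspecialchars($rawbody, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

    if (strlen($commentbody) > 1 && $username !== '') {
        $connect = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

        if (!$connect->connect_errno) {
            // Bound parameters replace string concatenation: pageid and article
            // previously went into the SQL text with no escaping at all.
            $stmt = $connect->prepare(
                'INSERT INTO comments (page, postid, author, time, body) VALUES (?, ?, ?, NOW(), ?)'
            );
            if ($stmt !== false) {
                $stmt->bind_param('ssss', $pageid, $article, $username, $commentbody);
                $stmt->execute();
                $stmt->close();
            }
            $connect->close();
        }

        header($redirect);
        exit;
    }

    // Missing body or no logged-in user: redirect without touching the database.
    header($redirect);
    return "<p>Please fill in all required fields.</p>";
}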
?>
